Vulnerabilities > CVE-2003-0449 - Local Security vulnerability in Progress Database 9.1
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in_proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Progress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability. CVE-2003-0449. Local exploit for linux platform |
id | EDB-ID:22773 |
last seen | 2016-02-02 |
modified | 2003-06-14 |
published | 2003-06-14 |
reporter | kf |
source | https://www.exploit-db.com/download/22773/ |
title | Progress Database 9.1 - Environment Variable Local Privilege Escalation Vulnerability |